---

CVE-2021-3392 - log back

CVE-2021-3392 edited at 29 Apr 2021 22:48:18
References	https://www.openwall.com/lists/oss-security/2021/02/05/2 https://bugs.launchpad.net/qemu/+bug/1914236 - https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html + https://git.qemu.org/?p=qemu.git;a=commitdiff;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d

CVE-2021-3392 edited at 05 Feb 2021 08:48:18
References	- https://bugzilla.redhat.com/show_bug.cgi?id=1924042 + https://www.openwall.com/lists/oss-security/2021/02/05/2 https://bugs.launchpad.net/qemu/+bug/1914236 https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html

CVE-2021-3392 edited at 03 Feb 2021 08:42:21
References	https://bugzilla.redhat.com/show_bug.cgi?id=1924042 https://bugs.launchpad.net/qemu/+bug/1914236 + https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html

CVE-2021-3392 edited at 02 Feb 2021 13:26:34

Description

- A use after-free-issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario. + A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.

CVE-2021-3392 edited at 02 Feb 2021 13:25:52
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A use after-free-issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1924042 + https://bugs.launchpad.net/qemu/+bug/1914236

CVE-2021-3392 created at 02 Feb 2021 13:24:40
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes